summaryrefslogtreecommitdiff
path: root/source4/auth/gensec
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r14542: Remove librpc, libndr and libnbt from includes.hJelmer Vernooij5-0/+5
(This used to be commit 51b4270513752d2eafbe77f9de598de16ef84a1f)
2007-10-10r14497: Fix build with shared librariesJelmer Vernooij1-2/+2
(This used to be commit c74fc55831ca24819ae7f5e0920d0351e2b46a08)
2007-10-10r14492: Fix shared libs - set SO_VERSION to 0 everywhere for now.Jelmer Vernooij1-1/+1
(This used to be commit 4682bc5ce047d81586447b9df82c91ed1fe677cf)
2007-10-10r14484: Install more headersJelmer Vernooij2-3/+3
(This used to be commit 430c6516d383bfd7f27287394bf8eef9f174b3e6)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij2-2/+2
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14409: quieten warningsAndrew Tridgell1-0/+2
(This used to be commit 2ec2894f72b44ba4e400961921b65b03ad8742de)
2007-10-10r14383: Fix non-developer build.Jelmer Vernooij2-2/+2
(This used to be commit f4de155c94b89e586640d11992953a0d5fc0716d)
2007-10-10r14380: Reduce the size of structs.hJelmer Vernooij2-0/+2
(This used to be commit 1a16a6f1dfa66499af43a6b88b3ea69a6a75f1fe)
2007-10-10r14363: Remove credentials.h from the global includes.Jelmer Vernooij1-0/+6
(This used to be commit 98c4c3051391c6f89df5d133665f51bef66b1563)
2007-10-10r14327: Replace MAJOR_VERSION/MINOR_VERSION/RELEASE_VERSION with two parameters:Jelmer Vernooij1-3/+2
- VERSION: should contain the current version. Will be made part of the filename. - SO_VERSION: should contain the latest version that this on is compatible to. Will be used for setting the soname of the shared library. Fix sonames and use them on platforms that support them Remove symlinking code. ldconfig will take care of creating the symlinks now that we set the soname. (This used to be commit 7871b07e21c85c63d0ecac4c31b98dc112d18af5)
2007-10-10r14071: fix the buildStefan Metzmacher1-1/+2
metze (This used to be commit af63ed9eb3a5af3e4eeb84c66397255ea90ea764)
2007-10-10r14070: this functions need to be exported,Stefan Metzmacher1-1/+1
it's ugly, but they're used in torture tests I hope to find a better solution for this later... metze (This used to be commit be8874e9d3f1a022a42ccd1262dc5ce7bd5d1a91)
2007-10-10r14065: build gensec_schannel always static as libnet needs functions from itStefan Metzmacher1-0/+1
metze (This used to be commit 91a3a0b795ebe73d29b69bb40ae9e67b40f90212)
2007-10-10r13969: Make these names lowercase as well (just like they are now in the ↵Jelmer Vernooij1-1/+1
buildsystem) (This used to be commit 04c49e211fc4f80e03d9322b983bbde15baba640)
2007-10-10r13960: Generate makefile rules for installing/removing shared modules.Jelmer Vernooij1-10/+10
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
2007-10-10r13938: Around round of splitupsJelmer Vernooij2-0/+2
(This used to be commit 2d655f05285a86bb1bbb882e4dd843def15c9dfa)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij3-1/+4
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r13903: Don't generate prototypes for modules and binaries in include/proto.h byJelmer Vernooij3-0/+4
default. (This used to be commit c80a8f1102caf744b66c13bebde38fba74983dc4)
2007-10-10r13840: Mark some functions as public.Jelmer Vernooij1-13/+13
(This used to be commit 9a188eb1f48a50d92a67a4fc2b3899b90074059a)
2007-10-10r13655: Use new name of build headerJelmer Vernooij1-1/+1
(This used to be commit bca0e8054f6d9c7adc9d92e0c30d4323f994c9e9)
2007-10-10r13619: fix compiler warningStefan Metzmacher1-1/+1
metze (This used to be commit 7b284174aa36fdd5d6841dab4934f1f6ecfba4ce)
2007-10-10r13584: Another try at SPNEGO stuff. I need to write a better testsuite for ↵Andrew Bartlett1-0/+23
this. This tries to ensure that when we are a client, we cope with mechs (like GSSAPI) that only abort (unknown server) at first runtime. Andrew Bartlett (This used to be commit cb5d18c6190fa1809478aeb60e352cb93c4214f6)
2007-10-10r13583: Realise that the member server name appears in all calls that use theAndrew Bartlett1-1/+1
credentials. Consistantly rename these elements in the IDL to computer_name. Fix the server-side code to always lookup by this name. Add new, even nastier tests to RPC-SCHANNEL to prove this. Andrew Bartlett (This used to be commit 341a0abeb4a9f88d64ffd4681249cb1f643a7a5a)
2007-10-10r13481: As far as I can tell, my changes in -r 12863 were dangerously untested.Andrew Bartlett1-7/+8
We do need the gsskrb5_get_initiator_subkey() routine. But we should ensure that we do always get a valid key, to prevent any segfaults. Without this code, we get a different session key compared with Win2k3, and so kerberised smb signing fails. Andrew Bartlett (This used to be commit cfd0df16b74b0432670b33c7bf26316b741b1bde)
2007-10-10r13402: Make Samba4 pass a nastier RPC-SCHANNEL test.Andrew Bartlett3-50/+89
The new RPC-SCHANNEL test shows that the full credentials state must be kept in some shared memory, for some length of time. In particular, clients will reconnect with SCHANNEL (after loosing all connections) and expect that the credentials chain will remain in the same place. To achive this, we do the server-side crypto in a transaction, including the fetch/store of the shared state. Andrew Bartlett (This used to be commit 982a6aa871c9fce17410a9712cd9fa726025ff90)
2007-10-10r13344: Trust SASL to have subtle distinctions between NULL and zero-lengthAndrew Bartlett1-10/+24
responses... Also trust OpenLDAP to be pedantic about it, breaking connections to AD. In any case, we now get this 'right' (by nasty overloading hacks, but hey), and we can now use system-supplied OpenLDAP libs and SASL/GSSAPI to talk to Samba4. Andrew Bartlett (This used to be commit 0cbe18211a95f811b51865bc0e8729e9a302ad25)
2007-10-10r13342: Make the GSSAPI SASL mech actually work, by (shock horror) reading ↵Andrew Bartlett2-73/+436
the spec. GSSAPI differs from GSS-SPNEGO in an additional 3 packets, negotiating a buffer size and what integrity protection/privacy should be used. I worked off draft-ietf-sasl-gssapi-03, and this works against Win2k3. I'm doing this in the hope that Apple clients as well as SASL-based LDAP tools may get a bit further. I still can't get ldapsearch to work, it fails with the ever-helpful 'Local error'. Andrew Bartlett (This used to be commit 3e462897754b30306c1983af2d137329dd937ad6)
2007-10-10r13250: I missed a couple of talloc_free()'sAndrew Bartlett1-0/+2
Andrew Bartlett (This used to be commit 3570a62876dcd656b328bf8c2c1be617ae9a8fd7)
2007-10-10r13247: Try to make better use of talloc in the auth/ and auth/gensec code.Andrew Bartlett2-12/+30
We don't want temporary memory hanging around on the long-term contexts. Andrew Bartlett (This used to be commit 85b3f6ebddfb655fdd08d1799752e562a6ff9cb1)
2007-10-10r13245: Don't segfault if we don't have a credentials structure on this gensecAndrew Bartlett1-3/+6
context. Andrew Bartlett (This used to be commit 1e840aa43679ceccb2a3afc694a5de0828147e8c)
2007-10-10r13206: This patch finally re-adds a -k option that works reasonably.Andrew Bartlett5-49/+145
From here we can add tests to Samba for kerberos, forcing it on and off. In the process, I also remove the dependency of credentials on GENSEC. This also picks up on the idea of bringing 'set_boolean' into general code from jpeach's cifsdd patch. Andrew Bartlett (This used to be commit 1ac7976ea6e3ad6184c911de5df624c44e7c5228)
2007-10-10r12863: As lha suggested to me a while back, it appears that theAndrew Bartlett1-8/+7
gsskrb5_get_initiator_subkey() routine is bougs. We can indeed use gss_krb5_get_subkey(). This is fortunate, as there was a segfault bug in 'initiator' version. Andrew Bartlett (This used to be commit ec11870ca1f9231dd3eeae792fc3268b31477e11)
2007-10-10r12804: This patch reworks the Samba4 sockets layer to use a socket_addressAndrew Bartlett3-61/+21
structure that is more generic than just 'IP/port'. It now passes make test, and has been reviewed and updated by metze. (Thankyou *very* much). This passes 'make test' as well as kerberos use (not currently in the testsuite). The original purpose of this patch was to have Samba able to pass a socket address stucture from the BSD layer into the kerberos routines and back again. It also removes nbt_peer_addr, which was being used for a similar purpose. It is a large change, but worthwhile I feel. Andrew Bartlett (This used to be commit 88198c4881d8620a37086f80e4da5a5b71c5bbb2)
2007-10-10r12694: Move some headers to the directory of the subsystem they belong to.Jelmer Vernooij1-1/+1
(This used to be commit c722f665c90103f3ed57621c460e32ad33e7a8a3)
2007-10-10r12682: This patch finally fixes our kpasswdd implementation to be compatibleAndrew Bartlett3-8/+146
with clients compiled against the MIT Kerberos implementation. (Which checks for address in KRB-PRIV packets, hence my comments on socket functions earlier today). It also fixes the 'set password' operation to behave correctly (it was previously a no-op). This allows Samba3 to join Samba4. Some winbindd operations even work, which I think is a good step forward. There is naturally a lot of work to do, but I wanted at least the very basics of Samba3 domain membership to be available for the tech preview. Andrew Bartlett (This used to be commit 4e80a557f9c68b01ac6d5bb05716fe5b3fd400d4)
2007-10-10r12670: Make a couple of dependencies stricterJelmer Vernooij1-1/+1
Re-introduce and use the OUTPUT_TYPE property for MODULEs to force specific modules to always be included (This used to be commit f9eede3d40098eddc3618ee48f9253cdddb94a6f)
2007-10-10r12628: Prevent double registration warningsJelmer Vernooij1-1/+1
(This used to be commit 98ec52beeed47c71861c284c7aae66269c074e66)
2007-10-10r12621: INIT_FUNCTION no longer has to be set on librariesJelmer Vernooij1-1/+0
(This used to be commit 7ff1ecdc6fa9e360dedf9737da6ce1941ad5033e)
2007-10-10r12620: Get rid of automatically generated lists of init functions of ↵Jelmer Vernooij1-0/+5
subsystems. This allows Samba libraries to be used by other projects (and parts of Samba to be built as shared libraries). (This used to be commit 44f0aba715bfedc7e1ee3d07e9a101a91dbd84b3)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij3-5/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12592: Remove some useless dependenciesJelmer Vernooij1-2/+2
(This used to be commit ca8db1a0cd77682ac2c6dc4718f5d753a4fcc4db)
2007-10-10r12542: Move some more prototypes out to seperate headersJelmer Vernooij3-1/+3
(This used to be commit 0aca5fd5130d980d07398f3291d294202aefe3c2)
2007-10-10r12499: Move smb_build.h out of includes.hJelmer Vernooij1-0/+1
(This used to be commit c92ace494f92084ddf178626cdf392d151043bc7)
2007-10-10r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not usingJelmer Vernooij1-10/+8
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10r12494: Support loading modules from .so files for most subsystems.Jelmer Vernooij1-0/+8
We now use a different system for initializing the modules for a subsystem. Most subsystems now have an init function that looks something like this: init_module_fn static_init[] = STATIC_AUTH_MODULES; init_module_fn *shared_init = load_samba_modules(NULL, "auth"); run_init_functions(static_init); run_init_functions(shared_init); talloc_free(shared_init); I hope to eliminate the other init functions later on (the init_programname_subsystems; defines). (This used to be commit b6d2ad4ce0a91c4be790dd258820c492ff1787ea)
2007-10-10r12439: No need to keep walking this list if we find the match.Andrew Bartlett1-0/+1
Andrew Bartlett (This used to be commit cf1883c3cc1feecf3ddd7f36dbbca3bdf068bee2)
2007-10-10r12436: Fix Samba4 as a server to Win2000 for the domain join.Andrew Bartlett1-46/+74
We still have Win2000 issues, but now we correctly handle the case where NTLMSSP is chosen as an authentication mech, but the OID list still contains Kerberos as a later option. Andrew Bartlett (This used to be commit dc2b2c33f89b84bd221c9009750a22ff42fc462d)
2007-10-10r12268: Use transactions to ensure that the schannel db is consistant.Andrew Bartlett1-0/+17
Andrew Bartlett (This used to be commit 949137e3122a3163a9fc923a418633a791364afe)
2007-10-10r12254: Add some (hopefully correct) descriptions for libraries that are ↵Jelmer Vernooij1-0/+1
installed. Install pkg-config files. (This used to be commit a86abe84e2cae7c6188c094a92c6b62aace02fdf)
2007-10-10r12227: I realised that I wasn't yet seeing authenticated LDAP for the ldbAndrew Bartlett1-1/+2
backend. The idea is that every time we open an LDB, we can provide a session_info and/or credentials. This would allow any ldb to be remote to LDAP. We should also support provisioning to a authenticated ldap server. (They are separate so we can say authenticate as foo for remote, but here we just want a token of SYSTEM). Andrew Bartlett (This used to be commit ae2f3a64ee0b07575624120db45299c65204210b)